
Git vulnerabilities threaten credential compromise

(Credit: MCGORIE – stock.adobe.com)

BleepingComputer reports that GitHub Desktop, GitHub CLI/Codespaces, Git Credential Manager, and Git LFS could have had their access tokens and credentials exfiltrated through any of the three Clone2Leak attack types, all of which abuse how Git and its credential helpers handle authentication requests.

All of the now-patched vulnerabilities stem from credential helpers parsing authentication requests inadequately, according to a report from GMO Flatt Security researcher RyotaK. Exploiting the carriage return smuggling issues in GitHub Desktop and Git Credential Manager, tracked as CVE-2025-23040 and CVE-2024-50338, or the Git LFS newline injection bug, tracked as CVE-2024-53263, causes GitHub credentials to be delivered to an attacker's server. Attackers could also leverage a credential retrieval logic flaw in GitHub CLI and GitHub Codespaces, tracked as CVE-2024-53858, through a malicious repository clone to compromise authentication tokens. Organizations have been urged not only to upgrade to the latest releases of the affected Git software but also to enable Git's 'credential.protectProtocol' setting to block credential smuggling.
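To make the parsing weakness concrete, the following is an added illustration (my own code, not from Git, GitHub or any of the affected projects) of the line-based key=value format Git uses when it talks to a credential helper. It contrasts a careless reader that lets a stray carriage return inside a value act as a line break with a strict reader that refuses any control character in a value and only accepts a plain hostname. The two request strings and the hostname pattern are constructed for this example.

```python
"""Strict versus lenient parsing of Git's credential-helper request format.

Added example, not code from Git or the affected projects.  Git sends a
helper a sequence of ``key=value`` lines ended by a blank line.  The
Clone2Leak bugs came from readers that let a carriage return or newline
smuggled into one value act as a line terminator, so one request was read
as two.  The strict parser below refuses that outright.
"""
from __future__ import annotations
import re

# Keys documented for Git's credential protocol; anything else is refused.
KNOWN_KEYS = {"protocol", "host", "path", "username", "password", "url",
              "wwwauth[]", "capability[]", "password_expiry_utc",
              "oauth_refresh_token"}

# A plain hostname with an optional :port.  Constructed for this example,
# not Git's own validation rule.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?$")


class CredentialRequestError(ValueError):
    """Raised when a request is malformed or carries a smuggled line break."""


def lenient_parse(raw: str) -> list[tuple[str, str]]:
    """How a careless reader sees the stream: str.splitlines() treats \\r,
    \\n and \\r\\n alike as line breaks, so a value containing one silently
    becomes an extra key=value pair."""
    pairs: list[tuple[str, str]] = []
    for line in raw.splitlines():
        if line == "":
            break
        key, _, value = line.partition("=")
        pairs.append((key, value))
    return pairs


def strict_parse(raw: str) -> dict[str, str]:
    """Parse one request, splitting only on \\n and rejecting any control
    character inside a value, unknown keys, and repeated scalar keys."""
    fields: dict[str, str] = {}
    for lineno, line in enumerate(raw.split("\n"), start=1):
        if line == "":
            break                                  # blank line ends the request
        key, sep, value = line.partition("=")
        if not sep:
            raise CredentialRequestError(f"line {lineno}: no '=' in {line!r}")
        if key not in KNOWN_KEYS:
            raise CredentialRequestError(f"line {lineno}: unknown key {key!r}")
        bad = [c for c in value if ord(c) < 0x20 or ord(c) == 0x7F]
        if bad:
            raise CredentialRequestError(
                f"line {lineno}: control character {bad[0]!r} inside {key} value")
        if key in fields and not key.endswith("[]"):
            raise CredentialRequestError(f"line {lineno}: duplicate key {key!r}")
        fields[key] = value
    if "host" in fields and not HOST_RE.match(fields["host"]):
        raise CredentialRequestError(f"host {fields['host']!r} is not a plain hostname")
    return fields


def is_safe_request(raw: str) -> bool:
    """True only if the strict parser accepts the request."""
    try:
        strict_parse(raw)
    except CredentialRequestError:
        return False
    return True


# Constructed sample requests (not captured traffic).  The second one has a
# carriage return hidden inside the host value.
CLEAN = "protocol=https\nhost=github.com\npath=org/repo.git\n\n"
SMUGGLED = "protocol=https\nhost=github.com\rhost=example.invalid\npath=org/repo.git\n\n"

if __name__ == "__main__":
    print("strict view of clean request:", strict_parse(CLEAN))
    print("lenient view of smuggled request:", lenient_parse(SMUGGLED))
    print("strict accepts smuggled request:", is_safe_request(SMUGGLED))
```

The lenient reader returns two host entries for the second request, which is exactly the confusion the article describes; the strict reader raises on the embedded control character instead. Git's 'credential.protectProtocol' setting, named above, applies the same idea on Git's side of the exchange, so both the sender and the helper refuse values that could be mistaken for an extra line.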
